Next Gen IT Automation World

At Gartner’s IT-XPO in Orlando, FL that was held 16 - 20 October 2011, NJVC gathered a collection of federal and commercial CIOs for a luncheon on “Next Generation IT Automation.” As the luncheon hosts, NJVC hoped to glean information on which fields of IT automation CIOs currently feel they excel and the areas which they wish to learn more. We facilitated the luncheon with five key questions, and a graphic artist captured the luncheon discussion visually. The luncheon participants enjoyed a unique experience, while providing valuable insight into the current challenges of the IT world from a variety of perspectives.

The image below was developed with the help of NJVC’s "imagineers." This “Next Gen IT Automation World” blueprint was developed with your companies needs in mind, but we want additional direction and input as we explore and further build it. We want to make sure this blueprint represents your view of the future of IT automation.

Next Gen IT Automation World

The Next Gen IT Automation World is made up of several lands and rides similar to real-world theme parks, and revolves around the balance of consumer demand and profit for the theme park.

NJVC was pleased with the interest and interaction of the attendees at the CIO luncheon. In subsequent opportunities to present this material, participants had similar experiences. In simple terms, we found a common set of outcomes after each presentation:

• Attendees plan to use this approach with their own staff to garner further discussion and focus requirements
• The land/ride metaphor enabled attendees focus in ways they hadn’t considered before, and appreciated the conversation among their peers
• The key lands identified in the automation theme park are the core areas of focus

The value of this approach, based on attendee feedback, is the novel way that attendees get to think about their particular automation issues. The map paradigm breaks down preconceived barriers on this topic, and presents the concepts in ways groups with different backgrounds can understand.

If you further questions, contact me.

TREC Knowledge Base Acceleration Project

Image via CrunchBase

This blog will raise awareness of a new addition to the Text Retrieval Conference (TREC).

TREC, co-sponsored by the National Institute of Standards and Technology and U.S. Department of Defense, was started in 1992 as part of the TIPSTER Text Program. Its purpose was to support research within the information retrieval community by providing the infrastructure necessary for large-scale evaluation of text retrieval methodologies. In particular, the TREC workshop series has the following goals:

• To encourage research in information retrieval based on large test collections.
• To increase communication among industry, academia, and government by creating an open forum for the exchange of research ideas.
• To speed the transfer of technology from research labs into commercial products by demonstrating substantial improvements in retrieval methodologies on real-world problems.
• To increase the availability of appropriate evaluation techniques for use by industry and academia, including development of new evaluation techniques more applicable to current systems.

John Frank (John R. Frank, jrf (at) mit.edu ) and Ian Soboroff (ian.soboroff (at) nist.gov) are heading up a new Track focusing on Knowledge Base Acceleration (KBA) and their contact information can be found at http://www.mit.edu/~jrf/knowledge-base-acceleration/

What is the TREC Knowledge Base Acceleration Project?

KBA seeks to help humans expand knowledge bases like Wikipedia by automatically recommending edits based on incoming content streams. For our first year in TREC, we are evaluating systems on a single, simple task: filter a stream of content for information that should be linked from a given Wikipedia page.

Here is the “so what?”

TREC KBA is an example that knowledge creation and curation are a fusion of human and machine working together to enhance our written, albeit electronic, knowledge bases. If this concept is new to you I’ll share another fact you may find interesting: a study done by Sysomos Inc. in 2009 found that 32 percent of all tweets made by the most active users were generated by machine bots that posted more than 150 tweets/day. The software development community has been automatically generating documentation from source code with tools like Doxygen.

We have moved beyond computers being electronic typesetting machines to active partners in the authorship of content. Once you are aware of this capability you are open to seeing examples all around you—some of which may surprise you.

To help John Frank and TREC, I am spreading the word on this new TREC KBA Track, and hope it gets some great entries.

Guest lecturer at The George Washington University (EMIS)

I had the pleasure of being a guest lecturer at The George Washington University Executive Master of Science in Information Systems (EMIS) program's class on “Emerging Technology” taught by the cool and capable professor Andrea Armstrong. My conversation with the class focused on innovation, which I will share in this blog. As an alumnus of the program, it was great to do a good turn and give back to a program that helped me grow professionally.

My approach to the class was to be provocative and a source of information for the students. After a brief introduction on my background and current areas of interest, I launched into the presentation. The synopsis of the key points of my presentation is provided in this blog.

The areas where I am currently spending my time and energy on innovation are:

• IT automation
• Mobility and pervasive computing
• Big data and data analytics
• Data centers

First, I presented the typical innovation graph (shown to the right of this paragraph) and posed the question: "Why should you believe this graph?" From my point of view I am suspicious of anything that looks like a normal distribution. The world is so complex that I rarely believe it can be synthesized into a pretty curve.  I then challenged the class's thinking about successful Innovators. Their textbook listed five key visionaries who I would not dispute their contributions or the authors’ research. As an innovator, I wish I could have the same impact they had. From my lens, however, the book also should have included all the visionaries’ failures and other work that fills the gap between both the extremes of success and failure. Would a sample show that the pool of innovators analyzed had similar traits, but the outcome was that some succeeded while others landed into obscurity. Maybe good intentions are not enough. Perhaps time and space or something else is the key descriptor.  Malcolm Gladwell’s book Outliers makes a good case for this hypothesis.

After some fun group discussion, we moved to the second point of my presentation:  innovation is likely an idea that germinated over a long period of time.

I provided an example about Charles Darwin. Darwin believed that his theory of natural selection came to him in a “flash,” but after his death researchers poured through his notes and found that his idea evolved over time (no pun intended). My aim during this part of the presentation was to encourage the class members to be passionate about their ideas and not give up on the first try or 100 tries to create something significant.

The third and last point of my presentation was innovation leverages human networks. Using the example of Burning Man (on my bucket list to attend), I posed the question: “Does innovation happen there?” My next slide showed an image of Silicon Valley and posed the question: “How are Burning Man and Silicon Valley different?” After some discussion I opened up the conversation to discover was on the class’s collective mind other than their Capstone project. The most popular topic was how to handle the grey line between the business and personal spaces of employees regarding the use of social media. 

Burning Man

Thank you EMIS Cohort for the opportunity to present to you also to learn from you that day. 

DIA 50th Anniversay Gala

Image via WikipediaI had the pleasure of attending the 50th Anniversary Gala in honor of the Defense Intelligence Agency last Saturday, October 1 at the Ronald Reagan Building and International Trade Center in Washington, DC. Fifty years ago the idea of shared military intelligence was a new concept, and a fledgling agency rose to the challenge using borrowed office space. Today DIA’s capable staff is deployed around the world providing military support 365 days a year 24x7. From the Cuban Missile Crisis to the asymmetrical threat of terrorists, DIA is out there collecting and disseminating shared military intelligence. Secretary of Defense Leon Panetta provided the evening’s keynote address. As a former Army intelligence officer, Secretary Panetta was able to personally describe his experience, then and now, to the role DIA plays in to further both military and diplomatic missions, keeping warfighters one step out of harms way and ahead of our adversaries. To learn more about the history of DIA, visit http://www.dia.mil/history/ .

For all the men and women who are serving and have served the DIA, and especially those who paid the ultimate sacrifice to protect our country and its citizens, the 50th anniversary of DIA allows us time to say:

Thank you and God bless you.

Intertwining Interactive Technology with Popular Culture

Image via WikipediaWe are at the dawn of intertwining interactive technology with popular culture. The Internet has radically changed our culture and the way we go about business. A quick list of some of the major impacts includes the rise of instant communication from anywhere…to anywhere using:

• Email
• Instant messaging/chat
• Voice Over Internet Protocol (VOIP)/ Video
• Webinars

In addition, the web has enabled us to communicate with people all across the world to discuss their opinions, instantaneously, on any topic imaginable via blogs, discussion forums, social networking and online shopping sites.
 
To fully comprehend how far we’ve come with respect to the Internet in just twenty or so years, we can look back in time to another medium that drastically changed our lives - the Television. This medium, which pushed content to the user, was always in control of the content. The Television ‘decided’ what it told you and you had no way to interact with it. Not only that, you couldn’t easily take it with you. You usually viewed it from the comfort of your home, and frequently shared it with others. Jump forward from the 1950’s to 2011 and we find some very interesting statistics: 

• There are roughly 1,416,338,245 TVs worldwide.
• At the time of writing this blog the US census estimates there are 6,957,575,011 smart phones in the world
• Estimates show there will be approximately 1 billion smart phones in the world by the end of 2011
• Twitter reports they track 144 million tweets per day versus 50 million tweets per day, one year ago, and as you know, Twitter is only 1 microblog of many in the world
• Facebook reports it has roughly 750 million facebook users of which more than 250 million active users currently access facebook through their mobile devices. 

It goes without saying the Internet has mobilized communication for large masses of people.  The question is no longer are we an Internet based society, but rather where are will we go with it next?
 
People have moved from passive users of content where the information was pushed to them (e.g., TV and print) to an Internet-based consumer group that now interacts with the content, thus adding to what was initially published. 
 
Internet behavioral and contextual technologies are beginning to provide real-time marketing information about users that content publisher's analytic systems process to decide what content or product they’ll provide next. People have been transformed into active, engaged users.
 
Instead of simply pushing content, site owners are pulling content from their users to improve their services and get a better understanding of their audience. Users today expect to be able to give their opinion and if you don’t give them a channel to do so, they’ll build their own in the form of a blog or forum.   There are many advantages of this two-way communication or two-way feedback. Hopefully it will continue to lessen the gap between the digital native and the digital immigrant. 
 
Why is this important?
 
For one, it is likely the digital natives will continue to have an ever-increasing impact on the workplace and how business gets done.  The digital natives expect interactive, accessible technology, enhancements in big data, augmented reality, mobility applications, and capabilities that move beyond the mouse to gesture based interfaces. All of this will require new privacy and security models that support the dynamic systems (cloud) of the active engaged worker’s work/life experience.
 
I’d love to hear about examples of this kind of change that you currently see or foresee in the workplace.

References:

• http://en.wikipedia.org/wiki/History_of_the_Internet
• http://www.facebook.com/press/info.php?statistics
• http://blog.twitter.com/2011/03/numbers.html
• http://www.nationmaster.com/graph/med_tel-media-televisions 

Related articles

• Facebook Wants Your Comment on Its Privacy Policy Changes (readwriteweb.com)
• Making Your Child a Smart Net Citizen (education.com)
• Digitized content and Internet growth pave the way for a Netflix in India (zdnet.com)
• Social media monitored more by law enforcement (sfgate.com)
• Are "Digital Natives" Transforming Online Video For Better Or Worse? Part 1 (reelseo.com)
• What Is Network Culture? (daniellehall02.wordpress.com)

Mobility and the Trigger of Use

Image by Getty Images via @daylifeI find it interesting trying to understand the adoption triggers between technology capability and usage. This blog is dedicated to reflecting on work I did prior to and while developing NJVC’s mobility technology road map.

I remember a unified communication architecture I developed in 2004 for a telecommunications carrier based on technology that existed in 2001. In those days we called it “unified messaging.” In retrospect, I am reminded how much capability existed back then. So … why has it take so long for the Unified Communication Center to become mainstream in the mobility market? The simple answer is back in 2004, cellular networks in the United States were just beginning to upgrade to 1xRTT with a goal of GSM. Smart phones were not ubiquitous and location-based services were being developed. I can remember talking with a location-based services product team envisioning how these services would change mobility. Roll time forward, and we now have 4G, geospatial apps are common, improved standards and smart phones are so pervasive that we can use 2001 technology for UCC.

Mobility is disruption, and we can watch it happen. An economic battle exists; raging fueled by consumer desire over technology platforms. This “battle” will likely evolve with economic winners and losers, and will be shaped by innovation, standards and marketing. At the end of the day, this looks like another beta versus VHS tape battle happening, while DVDs and streaming video all enter the market at the same time. Companies will continue to attempt to predict what consumers will pay for services, and deliberate whether to bring them to market as standalone or packaged solutions.

While this is happening, consumers are finding novel ways to blend personal and business devices. For example, the Apple’s iPad, Google’s Android platform or Windows phone 7. This blend of use brings front and center intellectual property and security issues.  What the market will bear in terms of cost and or reduced capability to mitigate these issues is a moving target.

It will be interesting to see how and at what velocity companies apply wireless technologies and mobile devices to best run, grow or transform consumer- or employee-facing business applications and processes.

This is going to be fun.

Examining the Homeland Security Impact of the Obama Administration’s Cyber Security Proposal

Image via WikipediaLast Friday, June 24, I visited the Cannon House Office Building to listen to testimony presented during a hearing of  the Committee on Homeland Security’s Subcommittee on Cyber Security, Infrastructure Protection and Security Technologies. The hearing was entitled “Examining the Homeland Security Impact of the Obama Administration’s Cyber Security Proposal.” The membership of this committee is:

• Subcommittee Chair Dan Langren (R-CA-3rd District)
• Rep. Michael McCaul (R-TX-10th District)
• Rep. Tim Walberg (R-MI-7th District)
• Rep. Patrick Meehan (R-PA-7th District)
• Rep. Billy Long (R-MO-7th District)
• Rep. Tom Marino (R-PA-10th District)
• Ranking Member, Yvette D. Clarke (D-NY-11th District)
• Rep. Laura Richardson (D-CA-37th District)
• Rep. Cedric Richmond (D-LA-2nd District)
• Rep. William Keating (D-MA-10th District)

I invite you to view Chairman Lungren’s  opening remarks at the hearing.

I encourage you to read the transcripts of expert witness testimony and view Chairman Lungren as he questions the witnesses.

• Larry Clinton, President, Internet Security Alliance, [full text of testimony]
• Melissa Hathaway, President, Hathaway Global Strategies LLC, [full text of testimony]
• Greg Shannon, Chief Scientist for Computer Emergency Readiness Team, Software Engineering Institute, Carnegie Mellon University, [full text of testimony]
• Leigh Williams, BITS President, The Financial Services Roundtable, [full text of testimony]
• Chairman Lungren: questions the witnesses 

Cyber security is a complex topic that impacts our government, business and the lives of citizens. Ensuring that we enact the best legislation possible is everyone’s civic responsibility. Ms. Hathaway pointed out in her testimony that there are more than 50 cyber security bills currently being considered by the 111th Congress. At the State level, legislatures also are focusing on cyber security: namely cyber stalking, cyber harassment and cyber bullying.

In my mind, education and ongoing dialogue are necessary to achieve the goal of enhanced cyber security at all levels and in all sectors. Achieving the right balance of public/private market incentives and legislation are the keys to ensure our cyber ecosystem continues to be healthy and protected.

DoDIIS 2011

Image via WikipediaAs I was heading to DoDIIS 2001 in Detroit, I wondered what I might blog about after the show. This is my third blog in as many years about attending DoDIIS and I did not want to rehash what I had written in the past.

• dodiis-worldwide-conference-2010
• dodiis-worldwide-2009

I did not imagine that last Sunday night while having a beverage with my fellow conference attendees we would hear on the news that Osama bin Laden, the leader of al Qaeda, was dead. As I looked around the bar I saw people with tears in their eyes, shouting “hooah,” standing in silence, hugging and fist bumping. This historic event was a very personal moment of closure for all of us.

I will never forget that I was in Kansas City on Sept. 11, 2001, eating breakfast in a hotel restaurant with my coworkers watching TV and to my complete abject horror, watched the events play out showing the senseless deaths of many people—some of whom I knew personally. Since that terrible day I have met many more individuals who have shared their stories of how this senseless event impacted them.

To all those people who gave the ultimate sacrifice in pursuit of justice, I humbly say, thank you.

As Sunday ended and Monday began with the DoDIIS kick-off keynote, the “normalcy” of this conference merged with the previous night’s event. For DIA, this particular conference was an opportunity to celebrate its 50th anniversary (the agency was formed in 1961) and my guess is DIA was happy with its “present.”

NJVC had a great showing at DoDIIS and the feedback of our demos—cloud, cyber, facility modernization and video telecommunications— was they were relevant and the participants were ready for them.

After attending DoDIIS, it is clear to me that NJVC and its partners have the solutions to help DIA and the DoDIIS community find and implement Grant Schneider’s DIA CIO and Director of DS top three challenges:

1. Governance
2. Leverage technology to lower the cost of information technology
3. Better understand how to collaborate to achieve mission results

I am optimistic!

National Defense Industrial Association Information Systems Summit II

Image via WikipediaLast week I had the privilege of attending National Defense Industrial Association Information Systems Summit II sponsored by its C4ISR Division. The focus of the conference was on the usage of Agile development within the Department of Defense.  After reviewing the attendee roster list, I believe NDIA did a good job in getting a good mix from government and industry to attend and share their knowledge. I was pleased to observe that many of the attendees were either involved in their agencies’/companies’ existing Agile projects, or were seeking more information because their agency/company is planning future Agile projects. The conference allowed for a meaningful dialogue where attendees were able to share their experiences and ask questions of the speakers and other fellow participants. Even though the tagline for the conference was “What’s All This Agile Stuff About, Anyway?,” the goal of the conference was to provide attendees with an understanding and accelerate the adoption of the Manifesto for Agile Software Development within DoD. My opinion is Agile is here.

To show how far Agile has come, the National Defense Authorization Act for Fiscal Year 2010 within Section 804, Implementation of New Acquisition Process for Information Technology Systems, shown below supports Agile SCRUM:

 “…(a) NEW ACQUISITION PROCESS REQUIRED.—The Secretary of Defense shall develop and implement a new acquisition process for information technology systems. The acquisition process developed and implemented pursuant to this subsection shall, to the extent determined appropriate by the Secretary—

(1) be based on the recommendations in chapter 6 of the March 2009 report of the Defense Science Board Task Force on Department of Defense Policies and Procedures for the Acquisition of Information Technology; and 

(2) be designed to include—

(A) early and continual involvement of the user;
(B) multiple, rapidly executed increments or releases of capability;
(C) early, successive prototyping to support an evolutionary approach; and
(D) a modular, open-systems approach.

(b) REPORT TO CONGRESS.—Not later than 270 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the Committees on Armed Services of the Senate and the House of Representatives a report on the new acquisition process developed pursuant to subsection (a). The report required by this subsection shall, at a minimum—

(1)    describe the new acquisition process;
(2) provide an explanation for any decision by the Secretary
to deviate from the criteria established for such process in paragraphs (1) and (2) of subsection (a);
(3) provide a schedule for the implementation of the new acquisition process;
(4) identify the categories of information technology acquisitions to which such process will apply; and
(5) include the Secretary’s recommendations for any legislation that may be required to implement the new acquisition process…”

A mechanism that is gaining steam for managing Agile projects following Section 804 is AgileEVM1, which uses the capabilities of the Agile SCRUM framework to develop Cost Performance Index (CPI) and Schedule Performance Index (SPI). These indices develop an Earned Value (EV)—or a project management technique for measuring project performance and progress in an objective manner. The net is ability for business owners to understand the Earned Business Value of an Agile project. The approach between traditional EV and AgileEVM are different, but the important point is a dialogue now exists where Agile SCRUM teams can be compliant with DoD acquisition guidelines. The following two bullet points show some of the difference in collected metrics: 

     CPI

• Traditional CPI = Budgeted Cost of Work Performed/ Actual Cost of Work Performed
• AgileEVM CPI = (Baseline Cost per StoryPoint)/Actual Cost per StoryPoint

    SPI

• Traditional SPI = EV/ Planned Value
• AgileEVM SPI = (Actual Velocity)/(Baseline Velocity)

From the time the Agile Manifesto was put on paper in 2001 so developers could provide their communal voice on how software should be developed, we are now hearing from the acquisition side of the house on how we can measure the value of their approach to software development. 

Related articles

• Keep Agile Development Going (devx.com)
• Agile development and Enterprise Architecture practice - Can they coexist (setandbma.wordpress.com)
• Agile eLearning - 27 Great Articles (downes.ca)

RSA Conference 2011

The RSA Conference 2011 has come and gone and I was proud to represent NJVC as a panelist and participant. At the Speakers’ Dinner, Art Coviello, RSA CEO, said some 20,000 security professionals gathered in San Francisco to hear keynotes, attend the vendor expo, meet with clients and network. When you think of that many people attending, in terms of the ingenuity present in one place, and invested dollars it’s staggering. It is my hope that one-day cyber netizens will have a global cathartic moment and say “enough is enough,” but in the meantime there is a lot of work to do to improve the security of data in a wide variety of environments.

Personal highlights from the week included participating in Internet Security Alliance's (ISAs) Project on Securing the Electronic Supply Chain. ISA is developing guidelines to ensure that regardless of where design, fabrication, pre-assembly, assembly, distribution, and maintenance companies, organizations and staff are located, they feel confident their intellectual property and products are secure and no malware is embedded in the hardware from design to fabrication. Following that theme was a requirement for secure cloud supply chain that was repeated multiple times during the conference.
A quick analysis of the tweets (#rsaccloud) relayed during “The Future of Security in the Era of Cloud Computing” live discussion with panelists Philippe Courtot, Qualys Chairman and CEO; Paul Saffo Technology Futurist and Stanford University Consulting Associate Professor; and Dave Cullinane eBay CISO, speaks to the RSA Conference community’s desire to further understand several aspects of the cloud:

• Data leakage
• Links to cloudage.org
• Migration between cloud vendors
• Organizations that should conduct penetration tests for a cloud vendor
• Cloud impact on compliance costs

I was pleased that my panel, “Cyber Catastrophe in the Movies: Realistic Threat or Hollywood Hype?,” was well received by the audience. Using the movies as a mechanism to engage the audience on cyber worked well for a discussion on what is real and what is pure fantasy.

Each of the panels I participated and vendors I met brought me added knowledge in the area of cyber and I was appreciative of their time and knowledge. Friday ended with a keynote by former President Bill Clinton who discussed the need for security to the global stage and discussed its importance in allowing for innovation to fuel the U.S. economy.

Related articles

• RSA Conference 2011 Thursday: Amazing Keynotes (365.rsaconference.com)
• RSA names new president ahead of conference (v3.co.uk)
• Qualys debuts its next-generation security-as-a-service (venturebeat.com)
• RSA update (nsslabs.blogspot.com)
• Security as a Service ≠ Securing the Cloud (blogs.rsa.com)

Cyber Insurance

Cyber insurance is a topic that was recently discussed in a number of events and venues that I participated. In response, I have decided to dedicate this blog to a primer. According to the Internet Security Alliance, cyber insurance is:

“[A]n insurance product used to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Risks of this nature are typically excluded from traditional commercial general liability policies. Coverages provided by cyber-insurance policies may include first-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks; liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation; and other benefits including regular security audits, post-incident public relations and investigative expenses, and criminal reward funds. ”1

A healthy discussion is ongoing about how public and private partnerships can come together to create market incentives to stimulate the growth of a private cyber insurance industry. These partnership can both provide private economic incentives to spur greater cyber security efforts while also creating a private market mechanism that fosters adoption and compliance. If this topic is not on your radar today, it will likely be in the near future. As this topic gains more mainstream attention, the intent is there will be market incentives to encourage voluntary versus mandated adoption that leverage proven, successful security best practices, standards and technologies.

So what can you do? If you are starting from ground zero, having the discussion within your business on the merits for cyber insurance is a great first step, which will then lead to a discussion on risk and exposures to cyber exploits. Part of your risk discussion should include how your business stacks up against the benchmarks used for underwriting cyber insurance. As a guideline, the underwriting standard for cyber insurance is ISO/IEC 27001:2005, which is part of the ISO/IEC 27000 series of information security management systems. Obtaining an ISO/IEC 27001certification[2], like other ISO management system certifications, usually involves a three-stage audit process:

• Stage 1 is a preliminary, informal review of the information system management system (ISMS)
• Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO/IEC 27001.
• Stage 3 involves follow-up reviews or audits to confirm that the organization remains in compliance with the standard.

The active side of an assessment is penetration testing—a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, (e.g., hacker). Many forms of penetration testing exist. The Open Source Security Testing Methodology Manual is a standard for professionals who conduct penetration testing. If you use credit cards in your business you may have to follow the Payment Card Industry Data Security Standard  requirements for penetration testing.

Other places to look for additional information include:

• Internet Security Alliance (ISA)
• Information Systems Security Assessment Framework
• National Institute of Standards and Technology's SP800-115

The hard and sobering truth is you can take all the precautions listed above and still be compromised. The choice is whether or not your company is prepared to know what to do next.

Your company survived Y2K and likely has a plan for business continuity and disaster recovery. In the connected world of today, I suggest you have a cyber plan as well.

Related articles

• Amazon, ISO 27001 and Deception (flyingpenguin.com)
• 5 greatest myths about ISO 27001 (iso27001standard.com)
• Leading ISO 27001 Roadmap Refreshed - Takes Guesswork Out of Information Security Certification Process (prweb.com)
• Cyber Insurance (thehealthcareblog.com)
• Meet Stringent California Information Security Legislation with Comprehensive Toolkit (deurainfosec.com)

Security and Geotagging

Image via WikipediaA great presentation that everyone should read is called, “Social Media Roundup Geotags and Location-Based Social Networking Applications, OPSEC and Protecting Unit Safety.” I recommend using your favorite search engine to find a copy. While the presentation is geared for military units, the information also is useful for business and personal life.

In a nutshell, if you have a device (e.g., phone or camera) capable of geotagging and you publish the information to a public website, the potential exists that you left a digital footprint of when and where you have been. Why? A geotagged  photo contains geographic metadata about where you took the picture. geotagging can be fun and provides businesses with the capability for location-based awareness for commerce.

It is easy to take geotagged pictures with our mobile devices and cameras and place them on social websites. In fact, people take great pleasure in doing this.

However, with most technologies they can be used for good or bad, and placing the photos on a website may cause the poster to publicly offer information he or she did not know they were posting.

When you post a photo, it has attribution—that means who you are. A geotagged photo includes the following GPS metadata:

• Latitude
• Longitude
• Time stamp

Together they tell something about what you did and when you did it.

Depending on the website and how you configured the security settings, you may allow someone who you did not intend view the locations of your travels. Based on this information, he or she can possibly conjecture where to find you at a particular time of day, as well as where you live and work.

So, what is the right thing to do?

First, knowing when to turn off the GPS function is key. Second, reach out to your family, friends and coworkers to be sure they are aware of the potential security issues and settings for geotagging photos on public websites. Third, define your risk tolerance if you publish geotagged photos and know when and how to control the GPS functionality on your device and the website you posted the photos.

Related articles

• Letter Re: OPSEC Issue: Geotagging on Pictures from Smart Phones (survivalblog.com)
• How to Upload a Geotagged Photo to Google Earth (brighthub.com)
• Geotagged Photos Help Prioritize Oil Spill Response in Gulf (eon.businesswire.com)
• Geotag Security, Remove Geotag Data From Photos (ghacks.net)
• Q&A: How to Remove Location Information from Picasa Photos (gadgetwise.blogs.nytimes.com)
• The Dangers Of Geo-Tagging In Harlem (harlemworldblog.wordpress.com)
• Q&A: How to Remove Location Information from Picasa Photos (gadgetwise.blogs.nytimes.com)
• Geotag Security Sanitizes Geotagged Photos [Downloads] (lifehacker.com)
• TappyTaps' Geotag Photos gets Geotagging App of the Year from Macworld (themactrack.com)

MarkLogic’s Government Summit 2010

Image via WikipediaOn Nov. 17, 2010, I attended MarkLogic’s Government Summit 2010 in Tysons Corner, VA. The summit’s theme focused on the challenges for solving unstructured data problems. This issue has been a problem front and center for organizations and technology leaders in the government as they look to connect the dots and provide more transparency in government and solve their hard data issues. The lineup of speakers was inspiring. In this blog I wanted to focus on the remarks of Colonel David W. Sutherland and Major John W. Copeland of the Office of the Chairman of the Joints Chief of Staff, Warrior and Family Programs. Major Copeland and Colonel Sutherland wrote a white paper, Sea of Goodwill Matching the Donor to the Need By: Major Johne W. Copeland and Colod David Sutherland.

 Getting information to solve everyday issues can be challenge to anyone.  Whether its finding a doctor that understands your issues, finding a job, or getting information on a topic.  This challenge does not exclude our warriors returning home from the battlefield. Right in front of us, exist unstructured data problems that when solved, can make a difference in the quality of life for our servicemen and servicewomen.

“Our men and women in uniform stand watch abroad and more are readying to deploy. To each and every one of them, and to the families who bear the quiet burden of their absence, Americans are united in sending one message: we honor your service, we are inspired by your sacrifice, and you have our unyielding support.”1   

“And just as they must have the resources they need in war, we all have a responsibility to support them when they come home.”2

- President Barack Obama

As Colonel John Copeland pointed out in his keynote address,

“War is an obscene activity to engage in, but we do it because the alternatives for not participating are even more obscene.”

When the servicemen and servicewomen come home they want the same things that others have:

• Education
• Secure employment
• Quality health care

And “to live a sustainable life in civilian society,” according to Colonel Copeland

This task can be challenging under normal circumstances, but it can be more challenging when a service member is a recovering wounded or ill or if his or her immediate family has to move forward because the warrior died in the line of duty.

When implementing solutions that connect the dots take a holistic view of the problem and how technology will remarkably improve it, whether it’s the fight against terrorism, education, health care, employment or <insert idea> the outcome of the effort should have a positive impact whether is improving the quality of life for a person or family or safety of a country.



1.    Presidential Address to Joint Session of Congress. Feb. 24, 2009; www.whitehouse.gov
2.    Presidential “State of the Union Address. Jan. 27, 2010 ”; www.whitehouse.gov /the-press- office/remarks-president-state-union-address /the_press_office/remarks-of-president-barack-obama-address-to-joint-session-of- congress/

Related articles

• MarkLogic Announces Keynote Speakers for Government Summit (eon.businesswire.com)
• Government Agencies Discuss the Importance of Managing Unstructured Data at MarkLogic Government Summit (eon.businesswire.com)
• Come To The MarkLogic Government Summit, 11/17/10 at the Ritz-Carlton in Tyson's Corner (kellblog.com)
• Taking control of unstructured data (enterprisedrm.info)
• A Strategy to Protect Unstructured Data (informationweek.com)

20 Most Innovative Cyber Technologies (per SINET)

I had the opportunity to attend the Security Innovation Network SINET Showcase on Oct. 26 – 27, 2010 . The show brought together what the SINET Board felt were the 20 most innovative Cyber Technology technologies based on 136 entries. Each of the 20 companies had 10 minutes on stage to explain their products’ value propositions to the audience. I think both the presenters and audience enjoyed the challenge of staying within the designed time limit. The showcase also included workshops and panel discussions, and I attempted to attend most of them. Some of the technologies presented were really exciting and I recommend you take a look at them.

Related articles

• Catbird Selected to Present Best-of-Class Security Product at SINET 2010 (eon.businesswire.com)
• WebLOQ Selected to Present Innovative Security Solution in Washington, D.C. at SINET Showcase 2010 (prweb.com)
• The SINET Show 2010 - Increasing Awareness of Innovative Cyber-Security Companies and Products (securityorb.com)
• Global Velocity Inc. was Chosen to Present Innovative Security Solutions in Washington, D.C. at SINET Showcase 2010 (prweb.com)
• BreakingPoint Innovation for Measuring Network and Data Center Resiliency Selected for SINET Showcase 2010 (marketwire.com)
• SRI International President and CEO Curtis R. Carlson to Participate in Expert Panel on Global Innovation at the Security Innovation Network's SINET Showcase (prnewswire.com)
• Our Government Can't Prevent A Digital 9-11: Entrepreneurs Need To Step In (techcrunch.com)

GEOINT 2010

Image via WikipediaA year has passed since writing my reflections on GEOINT 2009 Symposiums. Stu Shea, USGIF CEO and Chairman, opened this year’s event with the history of the symposium—from its inception and desire to make a difference.

The focus for this year’s GEOINT was “Geospatial Intelligence 3.0” and the keynotes speakers, sessions and vendors presented what this theme means to them. 

Some things are constant. NJVC had a great booth with thought-provoking demos on cloud computing, cybersecurity dashboard, deployable printing and an all-in-one VTC unit, and my informal survey of attendees showed that NJVC had the best party on the GEOWalk Corporate Hospitality Night…but I might be a little biased. Like last year, Matt Langan who creates the “got geoint?” blog for USGIF continued discussions on the foundation’s social media strategy. I had this discussion with many people during the symposium and appreciate their time dedication to the mission and their insight. Hats off to Keith Masback and his team for putting on another great event— and if I have repeated myself from last year it’s for good reason!

General James E. Cartwright, USMC, Vice Chairman of the Joints Chiefs of Staff said, “Agility happens at the edge”—which I am in agreement.  From the developer’s lens, this is an agile SCRUM where the warfighter is the product owner who is prioritizing the backlog of capabilities delivered on a regular short cycles. From the warfighter’s perspective, it is the confidence that the doctrine, organization, training, materiel, leadership, personnel and facilities are in place to ensure he or she knows what is over the next hill—no matter what the hill is.  Some background on Agile can be found in my prior blog, “Having an Agile Day.” Based on the operations tempo, development teams need to master the art of who needs to sit forward with the product owner and who can be virtual to deliver value and meet the ilities that represent the quality aspects of a system (e.g., reliability, scalability, availability, extensibility) against mission cost.

One of my takeaways from GEOINT is that the requirement for the multi-platform is here. Beyond virtualized hardware, operating systems and storage, there appears to be a real desire to fuse sensor data from multi-source platforms—whether it is for an all-source analyst or for one working within a specific INT (e.g., SIGINT, MASINT, HUMINT, GEOINT)—and increase exponentially automated knowledge-based exploitation so analytic problems don’t scale linearly with people. The link between the tactical and enterprise is the usage of open standards, which is the connective tissue for enterprise architecture. As we automate capabilities with a vision toward a dynamic user experience, the capability to improve discoverability globally with seamless coverage becomes the possible.

I’ll steal a line from Bob Gourley, Crucial Point LLC's CTO: “GEOINT makes me think.”

Related articles

• NJVC, Invertix Announce Cloud Computing Demonstration at GEOINT 2010 (eon.businesswire.com)
• NJVC Announces GEOINT 2010 Symposium Line Up (eon.businesswire.com)
• USGIF Announces Geospatial Intelligence Awards Recipients (eon.businesswire.com)
• Appistry and Partners Showcase Cloud-Enabled "Big Data" Solutions at GEOINT 2010 (prweb.com)
• USGIF Presents Jack Dangermond Lifetime Achievement Award - Renames Award in Honor of Arthur C. "Art" Lundahl (eon.businesswire.com)
• GEOINT 2010 Moves to New Orleans (eon.businesswire.com)

Gartner Symposium IT XPO 2010

Image via WikipediaAs I was chatting with other attendees at the gate prior to our plane heading back to Dulles, VA, after attending the Gartner Symposium IT XPO 2010, I was asked about my impressions of the conference.

I enjoyed meeting CIOs from other industries and talking with them about their experiences if only for the possibility that I might see a solution to a problem from another lens. On the “small-world” front I was talking to Alain Cohen the President/CTO from OPNET and learned that a project I worked with the company in the mid-'90s was part of the inspiration for its ACE Analyst product. NJVC has a modeling and simulation capability, and I believe it is an important tool to ensure an infrastructure stays healthy from design through sustainment.

 I was amazed how many iPads were being used by attendees at the conference—and it actualized John Chambers’s keynote concept of the borderless network. It is very likely that the majority of iPads at the conference were personally owned by the attendees, but were being used for work—I fit that category, as well. The blurring of devices we use in our lives will only make the role of the CIO more challenging. Mobility isn't coming soon: it’s here now and the product vendors ensure a product exists for every taste and price point. CIOs should start thinking about how mobility will impact their existing corporate policies.

Gartner had many sessions about cloud computing from different lenses. Even though the National Institute of Standards and Technology (NIST) has a definition for cloud computing, much of the discussion was about what cloud is and when to use it. As a footnote, during the conference GSA awarded its infrastructure as a service contract. At NJVC, we believe cloud is an important service to provide to clients and we have stood up a practice group headed by Kevin Jackson and backed by great technical and delivery staff. We will have a cloud demo running at our booth (#375) at the GEOINT 2010 Symposium, Nov. 1 - 4, so stop by to see it and say “hi.”

Beyond cloud, mobility, video, social networks, business process management and, large data problems rounded out the areas at the Gartner Symposium that caught my attention. I enjoyed the emerging technology area in the IT Expo—and I plan on following up with several vendors that I met.

John Chambers, Cisco CEO, said something that resonated with me because it underlies the importance of business owners and IT staff being in concert if they plan to deliver outcomes. Chambers’s quote is:

“The language you speak to your customers needs to be the same language you speak to the technical staff.”

Related articles

• A Journey to Reach Your Cloud, Securely (blogs.cisco.com)
• NJVC Announces GEOINT 2010 Symposium Line Up (eon.businesswire.com)
• NJVC Opens Third Office in St. Louis Metropolitan Area (eon.businesswire.com)
• Chambers on Process and Cultural Change (zdnet.com)
• Gartner Symposium/ITxpo Mastermind Keynotes to Include Interviews With Cisco's John Chambers, Microsoft's Steve Ballmer and Salesforce.com's Marc Benioff (eon.businesswire.com)
• Ready for a cloud computing brokerage? (zdnet.com)
• Gartner: Benioff and the Cloud (jeffnolan.com)
• Cloud computing in the enterprise: What's the holdup? (zdnet.com)

OSS Society Reception Saturday, October 3, 2010

I attended The OSS Society reception Saturday, Oct.3, 2010, where Walter L. Mess received the Presentation of the Distinguished Service Award, Colonel Michael S. Warburton, USA, received the John K. Singlaub Award, and Ross Perot received the William J. Donovan Award. There is no doubt these men have lead remarkable careers and deserve the recognition.

At the dinner I was struck by the thought and later reflected that government agencies are “experiments” that change over time. The fact that members of the Office of Strategic Services (OSS) attended the event is a testament to the dynamic change the U.S. government has gone through in a very short timeframe to meet the current and future needs of this great nation. The OSS had a short life span that has left a large impact on both intelligence and military communities.  Briefly stated, In 1942 the Coordinator of Information became the OSS.  President Truman dismantled the OSS in 1945 with the close of World War II. Additional information can be found by going to the OSS Society's website: http://www.osssociety.org/. The OSS chose the spearhead as its symbol stemming from founder Major General Donovan’s vision for that office to be the tip of the spear. The OSS is the precursor to the Central Intelligence Agency and Special Operation Forces: Rangers, Force Recon, Delta Force, Green Berets and Navy Seals— to name a few.

What I took away from the evening is not only do IT solutions need to support our customers’ missions today and tomorrow, but they also need to be an enabler for these experiments to change if and when the world needs them to change.

“We were not afraid to make mistakes because we’re not afraid to try things that had not been tried before.”

“You can’t succeed without taking chances.”

            - Major General William J. Donovan, OSS Founder

Cyber Conflict Studies Association (CCSA) Conference

CCSA

On Sept. 21, 2010, I attended the Cyber Conflict Studies Association (CCSA) conference,  “Furthering the field: A Comprehensive Program for Cyber Conflict Studies.” I have listed several cyber security stories that were published after the conference to make the point that cyber conflicts are real and a global issue:

• 27 September, Anti-piracy Lawyers’ Email Database Leaked After Hack
• 27 September, Zeus Botnets’ Vulnerability that Allows for Infiltration
• 25 September, Stuxnet Worm Infects Iran
• 24 September, New Azvhan Bot Family Revealed

 At the conference I saw old friends and met some new ones. In my opinion, the event was successful because it got me to think and want to participate in developing solutions. There are two golden threads that I will pull through from the day.

First, took place during a keynote address given by Richard A. Clarke. I candidly admit that I enjoyed his presentation when he reflected on his 30 years in government service that included experience in arms control negotiation. The possibility of a cyber war is plausible and the rules that define it are being worked out in the courts and military doctrine. Will cyber war happen by itself or in combination of kinetic attack will depend on the military objective? Cyber warfare can be targeted to both combatants and noncombatants.  Diplomats, military planners, law enforcement officials, civil authorities and, NGOs need to be proactive so it does not happen and be prepared when it does. When Mr. Clarke’s presentation is distilled into a few words, it is: even the hardest problems can be solved through dialogue and confidence-building activities, and I am optimistic that the cyber conflict can be addressed along that same route. Nuclear, chemical and biological weapons have been addressed in this manner and so should the technologies and targets used for cyber conflicts. 

The second point presented by several speakers was the idea of creating a “Manhattan Project” for cyber and some of the strategy aspects that would be required for such a program. The outcome of the Manhattan Project was usage of the atomic bomb in World War II that brought on the age of the Cold War. I'll paraphrase what Mr. Clarke said in his keynote, active defense creates crisis instability. What I would add to the discussion is the Atomic Energy Commission, which was set up by the Atomic Energy Act in 1946 to take over the functions and assets of the Manhattan Project. The AEC established civilian control over atomic development, and separated the development, production and control of atomic weapons from the military.  The same should be considered if a Cyber Manhattan project created.

It is critical we create both offensive and defensive measures for cyber conflicts. At the same time, the nation’s leaders should be working just as diligently on creating deterrents, such as treaties, so we never end up in a scenario of crisis instability.

Related articles by Zemanta

• Stuxnet worm heralds new era of global cyberwar (guardian.co.uk)
• Stuxnet Worm (cryptogon.com)
• Clarke: Obama Cyberwar Fail (infosecurity.us)
• Stuxnet: the Trinity test of cyberwarfare (warincontext.org)